While I was leaving for Barcelona to visit a friend and to enjoy Les Festes de la Mercè, a user of Subtext found a security problem in our integration with the WYSIWYG editor FCKeditor. And only one day after it has been discovered Phil released a security patch that fixes the problem.

The vulnerability allowed a user to upload files in the images folder of a blog without being authenticated.